1. Field of the Invention
The present invention relates to information security, and more specifically to a method and apparatus to securely send data from one system to another.
2. Related Art
It is often required to send data (“original message”) from one system (“sender system”) to another (“receiver system”). One typical concern while sending messages over any medium (Internet, etc.) is that an unknown third party (“intruder”) may decipher the original messages when in transit between the two systems. In addition, the intruder may also modify the original messages and then deliver the modified messages to the receiver system. Accordingly, it is often desirable to send the original messages in a secure manner which addresses one or more of such concerns as is well known in the relevant arts.
One approach for securely sending messages is by using a key (“shared key”), which is shared by both a sender system and a receiver system. In a typical scenario, a sender system encrypts a original message using the shared key to generate an encrypted message. The sender system sends the encrypted message to the receiver system. The receiver system then decrypts the message using the shared key to recover the original message.
One problem with the above approach is that a shared key needs to be sent to at least one of the two systems to facilitate sharing of a generated key. Unfortunately, an intruder may have access to the key while the key is being thus sent, and the security may be thereafter compromised. In addition, each pair of sender system and receiver system may need to have a different shared key to ensure that third parties cannot easily decipher the underlying message. As a result, the corresponding solutions may not scale to situations in which a large of number of senders and receivers are present.
One solution to the above problem is by using a pair of keys (“key pair”) at least for a receiver system. The key pair generally contains a private key and a public key generated according to a mathematical approach such that a message encrypted with a public key can be decrypted using the corresponding private key. The public key may be provided to any of the sender systems, and the private key is maintained confidential at the receiver system.
When sending a message, the sender system encrypts the message using the public key of the receiver. On receiving the message, the receiver decrypts the encrypted message using the private key and thus recovers the original message. As the private key need not be sent to any of the sender systems, the probability of maintaining private key confidential is greatly enhanced. In addition, as the public key can be shared with any number of sender systems, the approach generally scales to a large number of sender and receiver systems.
U.S. Pat. No. 4,218,582 entitled, “Public key cryptographic apparatus and method”, issued to Hellman et al (hereafter “582 patent”) discloses example embodiments of such a system using a combination of public and private key. U.S. Pat. No. 4,405,829 entitled, “Cryptographic communications system and method” issued to Rivest et al also discloses systems for communication using public keys.
However, even in the key pair based approaches, the level of security is generally proportional to the length (or two power the length) of the private keys. However, with a large number of computations, an intruder may use several values as private keys until a correct private key causes the encrypted message to be deciphered.
Accordingly, there have been attempts to increase the length of the (private) keys (to 128 bits or higher) to make the level of security generally higher. However, with availability of greater computational power in a cost-effective manner, the longer keys also may not be adequate to satisfy the security needs of at least some applications.
Several other attempts are also well known to address some of the problems noted above. For example, U.S. Pat. No. 4,200,770, issued to Hellman et al (hereafter “770 patent”) discloses a cryptographic system which transmits a computationally secure cryptogram over an insecure communication channel without prearrangement of a cipher key. The 770 patent discloses that a secure cipher key is generated by the conversers from transformations of exchanged transformed signals. The conversers each possess a secret signal and exchange an initial transformation of the secret signal with the other converser. The received transformation of the other converser's secret signal is again transformed with the receiving converser's secret signal to generate a secure cipher key.
The system of the 770 patent thus appears to require exchange of a secret signal, which in turn is used to generate a secure cipher key. Such a overhead of having to exchange the secret signal may be unacceptable at least in some environments. What is therefore needed is a method and apparatus to deliver messages securely from one system to another.